diff --git a/cmd/k8s-operator/operator_test.go b/cmd/k8s-operator/operator_test.go
index cdbe668b2..00cea9e92 100644
--- a/cmd/k8s-operator/operator_test.go
+++ b/cmd/k8s-operator/operator_test.go
@@ -108,9 +108,6 @@ func TestLoadBalancerClass(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
@@ -375,9 +372,6 @@ func TestAnnotationIntoLB(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
@@ -467,9 +461,6 @@ func TestLBIntoAnnotation(t *testing.T) {
 					{
 						IP: "100.99.98.97",
 					},
-					{
-						IP: "2c0a:8083:94d4:2012:3165:34a5:3616:5fdf",
-					},
 				},
 			},
 		},
diff --git a/cmd/k8s-operator/svc.go b/cmd/k8s-operator/svc.go
index 954b825a8..a14a61c61 100644
--- a/cmd/k8s-operator/svc.go
+++ b/cmd/k8s-operator/svc.go
@@ -8,6 +8,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"net/netip"
 	"strings"
 
 	"go.uber.org/zap"
@@ -121,6 +122,11 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
 		tags = strings.Split(tstr, ",")
 	}
 
+	clusterIPAddr, err := netip.ParseAddr(svc.Spec.ClusterIP)
+	if err != nil {
+		return fmt.Errorf("failed to parse cluster IP: %w", err)
+	}
+
 	sts := &tailscaleSTSConfig{
 		ParentResourceName:  svc.Name,
 		ParentResourceUID:   string(svc.UID),
@@ -158,7 +164,13 @@ func (a *ServiceReconciler) maybeProvision(ctx context.Context, logger *zap.Suga
 		{Hostname: tsHost},
 	}
 	for _, ip := range tsIPs {
-		ingress = append(ingress, corev1.LoadBalancerIngress{IP: ip})
+		addr, err := netip.ParseAddr(ip)
+		if err != nil {
+			continue
+		}
+		if addr.Is4() == clusterIPAddr.Is4() { // only add addresses of the same family
+			ingress = append(ingress, corev1.LoadBalancerIngress{IP: ip})
+		}
 	}
 	svc.Status.LoadBalancer.Ingress = ingress
 	if err := a.Status().Update(ctx, svc); err != nil {